sac pa
play

SAC PA Human Subject Research Data Security Review Process - PowerPoint PPT Presentation

Oct 31, 2022 •25 likes •225 views

Computing Services and Systems Development SAC PA Human Subject Research Data Security Review Process Presenter: Scott Weinman, CISSP, CISA, CPA, MBA, MS June 15, 2018 Computing Services and Systems Development Agenda Pitts Journey

  1. Computing Services and Systems Development SAC PA Human Subject Research Data Security Review Process Presenter: Scott Weinman, CISSP, CISA, CPA, MBA, MS June 15, 2018

  2. Computing Services and Systems Development Agenda • Pitt’s Journey • Current Process • Data Security Form • Future Process • Automate based on risk • Takeaways

  3. Computing Services and Systems Development Pitt’s Journey • 2015 – Pitt CSSD Security was asked to develop a research security review process by the Institutional Review Board (IRB) • Developed a relationship with the Pitt’s IRB • Inserted into IRB review process as an ancillary reviewer • Continue to refine and automate the process based on risk

  4. Computing Services and Systems Development Current Process – Data Security Review • Researchers submit a data security form with each study submission • CSSD Security reviews and provides guidance • CSSD Security approves once the researcher and Security agree the appropriate level of controls will be implemented

  5. Computing Services and Systems Development Current Process – Data Security Form • Word Document divided into 4 sections • Identifiers collected and coded • Technologies used • Storage used • Data lifecycle

  6. Computing Services and Systems Development Current Process – Data Security Form • Identifiers Collected - Identifiers • 18 HIPAA identifiers • Other unique identifiers

  7. Computing Services and Systems Development Current Process – Data Security Form • Identifiers Collected – Coded • Removing all identifiers? • Identifiable data stored separately from de-identified? • Is the data sensitive?

  8. Computing Services and Systems Development Current Process – Data Security Form • Technologies Used – Mobile Apps • Identifiable data? • GPS • Registration • Other access • How protected? • Device • Access • Encrypted • Transmitted • Vendor Risk Assessment? • Privacy Policy?

  9. Computing Services and Systems Development Current Process - Data Security Form • Technologies Used – Web based site/survey • Identifiable data? • How protected? • Encrypted • Transmitted • IP Address • Informed Consent • Vendor Risk Assessment?

  10. Computing Services and Systems Development Current Process - Data Security Form • Technologies Used – Wearable Device • Identifiable data? • GPS • Registration • How protected? • Encrypted • Transmitted • Mobile App needed? • Privacy Policy?

  11. Computing Services and Systems Development Current Process - Data Security Form • Technologies Used – Electronic Audio, Photographs, Video • Identifiable data? • GPS? • App used? • Sync in the cloud? • Privacy Policy? • Encryption? • Physical Security?

  12. Computing Services and Systems Development Current Process - Data Security Form • Technologies Used – Text Messaging • Message Content • Survey? • Informed Consent

  13. Computing Services and Systems Development Current Process - Data Security Form • Storage Used • Identifiable? • Storage • PC? • Server? • Cloud? • Other? • Workstation • Anti-virus? • Patched? • Encrypted? • Vendor Assessment?

  14. Computing Services and Systems Development Current Process - Data Security Form • Data Lifecyle • Who will have access? • Who is responsible for data security? (Principal Investigator) • Breach notification plan in place? • Data retention plan in place?

  15. Computing Services and Systems Development Future Process - Data Security Review • Data security form is being added into the IRB application as a web form – Edit checks to reduce omissions – Based on risk, certain combinations of data type, technologies, and storage locations will be automatically reviewed

  16. Computing Services and Systems Development Future Process - Data Security Review Data Security Web Form • Upfront questions created to assist in assessing risk • Anonymous • Sensitive • Added Social Media

  17. Computing Services and Systems Development Future Process – Data Security Review • Risk Matrix – Auto Review Criteria • Logic was built to auto review studies with certain data and technology combinations (red) • Other studies will continue to be manually reviewed (green)

  18. Computing Services and Systems Development Takeaways • Build a relationship between the IRB and Data Security • Become part of the study review workflow • Develop a standardized form • Take a risk based approach to the reviews • Build a relationship with the research community

  19. Computing Services and Systems Development Questions? Contact Information Scott Weinman University of Pittsburgh Email: sdw37@pitt.edu

  20. Computing Services and Systems Development Thank You

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Imputing Missing Social Media Data Stream in Multisensor Studies of Human Behavior Saha, K. ,

Imputing Missing Social Media Data Stream in Multisensor Studies of Human Behavior Saha, K. ,

Saha, K., et al. 2019. Imputing Missing Social Media Data Stream in Multisensor Studies of Human Behavior. In Proceedings of International Conference on Affective Computing and Intelligent Interaction (ACII 2019) .,

725 views • 25 slides
I EEE 5 G Sum m it Rio de Janeiro W elcom e Program On the web! Some changes due to travel

I EEE 5 G Sum m it Rio de Janeiro W elcom e Program On the web! Some changes due to travel

I EEE 5 G Sum m it Rio de Janeiro W elcom e Program On the web! Some changes due to travel restrictions Five sessions A view(s) of 5G Testing and infrastructure(s) Transversal technologies Physical Layer Panel

456 views • 19 slides
Internet of Things (IoT) Raspberry Pi Summer Camp Tech Talk Raspberry Pi Camp IoT 1

Internet of Things (IoT) Raspberry Pi Summer Camp Tech Talk Raspberry Pi Camp IoT 1

Internet of Things (IoT) Raspberry Pi Summer Camp Tech Talk Raspberry Pi Camp IoT 1 Introduction to IoT Raspberry Pi Camp IoT 2 IoT Source: IEEE ComSoc Raspberry Pi Camp IoT 3 What is Internet of Things (IoT) - 1 According to

168 views • 15 slides
Physical Computing ! In the next set of lectures, were going to Tangible UI sample a set of

Physical Computing ! In the next set of lectures, were going to Tangible UI sample a set of

Physical Computing ! In the next set of lectures, were going to Tangible UI sample a set of HCI areas: ! Tangible UI ! Augmented Reality ! Wearables Anderson/Fishkin ! Ubicomp CSE 510 ! They all try to widen the arena of discourse for

263 views • 8 slides
Public Workshop on Patient-Focused Drug Development Incorporating Clinical Outcome Assessments

Public Workshop on Patient-Focused Drug Development Incorporating Clinical Outcome Assessments

Public Workshop on Patient-Focused Drug Development Incorporating Clinical Outcome Assessments into Endpoints for Regulatory Decision-Making December 6, 2019 Public Internet Access Network: FDA-Public Password: publicaccess #PFDD Disclaimer

1.47k views • 90 slides
Introductions Instructor : Prof. Kristen Grauman TA : Wei-Lin Hsiao Visual Recognition

Introductions Instructor : Prof. Kristen Grauman TA : Wei-Lin Hsiao Visual Recognition

CS381V - lecture 1 - course intro Introductions Instructor : Prof. Kristen Grauman TA : Wei-Lin Hsiao Visual Recognition Fall 2017 What is computer vision? Today Course overview Requirements, logistics Done? 1. Vision for

429 views • 13 slides
A Novel Micro-Vibration Sensor for Activity Recognition: Potential and Limitations 14 th IEEE

A Novel Micro-Vibration Sensor for Activity Recognition: Potential and Limitations 14 th IEEE

Technology for Pervasive Computing A Novel Micro-Vibration Sensor for Activity Recognition: Potential and Limitations 14 th IEEE International Symposium on Wearable Computers Dawud Gordon, Georg von Zengen*, Hedda R. Schmidtke, Michael Beigl

470 views • 16 slides
Recursion Ch 14 Highlights - recursion Recursion No fancy blue words or classes this chapter

Recursion Ch 14 Highlights - recursion Recursion No fancy blue words or classes this chapter

Recursion Ch 14 Highlights - recursion Recursion No fancy blue words or classes this chapter Recursion is simply calling a method from inside itself This copy will re-run the method on any new arguments or information (See:

158 views • 14 slides
Recursion Ch 14 Announcements Midterm graded on gradescope Highlights - recursion Recursion

Recursion Ch 14 Announcements Midterm graded on gradescope Highlights - recursion Recursion

Recursion Ch 14 Announcements Midterm graded on gradescope Highlights - recursion Recursion No fancy blue words or classes this chapter Recursion is simply calling a method from inside itself This copy will re-run the method on any new

363 views • 24 slides
Quantum Game with Photons: Tensors in TypeScript, Visualized Piotr Migda p.migdal.pl /

Quantum Game with Photons: Tensors in TypeScript, Visualized Piotr Migda p.migdal.pl /

Quantum Game with Photons: Tensors in TypeScript, Visualized Piotr Migda p.migdal.pl / @pmigdal Project funded by: Centre for Quantum Technologies, National University of Singapore & Unitary Fund Quantum Computing devroom , FOSDEM20

686 views • 40 slides
Catchy vs. Comprehension Tanya Archie Noyce Master Teaching Fellow Secondary Math Coach for

Catchy vs. Comprehension Tanya Archie Noyce Master Teaching Fellow Secondary Math Coach for

Catchy vs. Comprehension Tanya Archie Noyce Master Teaching Fellow Secondary Math Coach for Omaha Public Schools Mnemonic: A device or aid intended to assist or improve the memory Gimmick: A trick or device used to attract attention or

253 views • 24 slides
in Social Media Context Zhongyu Wei 1 , Junwen Chen 1 , Wei Gao 2 , Binyang Li 1 Lanjun Zhou 1 ,

in Social Media Context Zhongyu Wei 1 , Junwen Chen 1 , Wei Gao 2 , Binyang Li 1 Lanjun Zhou 1 ,

An Empirical Study on Uncertainty Identification in Social Media Context Zhongyu Wei 1 , Junwen Chen 1 , Wei Gao 2 , Binyang Li 1 Lanjun Zhou 1 , Yulan He 3 , and Kam-Fai Wong 1 1 The Chinese University of Hong Kong 2 Qatar Computing Research

476 views • 21 slides
Programming Language Ideas Escape the Lab: A Declarative Data Description Language Kathleen

Programming Language Ideas Escape the Lab: A Declarative Data Description Language Kathleen

Programming Language Ideas Escape the Lab: A Declarative Data Description Language Kathleen Fisher AT&T Labs Research www.padsproj.org Data, Data, Everywhere! Incredible amounts of data stored in well-behaved formats: Databases: Tools

814 views • 65 slides
COMP 516 Research Methods in Computer Science Dominik Wojtczak Department of Computer Science

COMP 516 Research Methods in Computer Science Dominik Wojtczak Department of Computer Science

COMP 516 Research Methods in Computer Science Dominik Wojtczak Department of Computer Science University of Liverpool 1 / 88 COMP 516 Research Methods in Computer Science Lecture 21: Best Presentation Award and Final Tips Dominik Wojtczak

886 views • 88 slides
GTI Diagonalization A. Ada, K. Sutner Carnegie Mellon University Fall 2017 Comments 1

GTI Diagonalization A. Ada, K. Sutner Carnegie Mellon University Fall 2017 Comments 1

GTI Diagonalization A. Ada, K. Sutner Carnegie Mellon University Fall 2017 Comments 1 Cardinality Infinite Cardinality Diagonalization Personal Quirk 1 3 Theoretical Computer Science (TCS) sounds

538 views • 21 slides
Memory Models and OpenMP Hans-J. Boehm 6/16/2010 1 Disclaimers: Much of this work was done

Memory Models and OpenMP Hans-J. Boehm 6/16/2010 1 Disclaimers: Much of this work was done

Memory Models and OpenMP Hans-J. Boehm 6/16/2010 1 Disclaimers: Much of this work was done by others or jointly. Im relying particularly on: Basic approach: Sarita Adve, Mark Hill, Ada 83 JSR 133: Also Jeremy Manson, Bill

788 views • 46 slides
SecT Computer Security Seminar T echnische Universitt Berlin, Security in T elecommunications

SecT Computer Security Seminar T echnische Universitt Berlin, Security in T elecommunications

SecT Computer Security Seminar T echnische Universitt Berlin, Security in T elecommunications seminar@sec.t-labs.tu-berlin.de Berlin, 21 st of April 2017 Introduction Find/Read papers Write Citations & Plagiarism Papers What is this

830 views • 48 slides
BliStr: The Blind Strategymaker Josef Urban Czech Technical University in Prague October 18,

BliStr: The Blind Strategymaker Josef Urban Czech Technical University in Prague October 18,

BliStr: The Blind Strategymaker Josef Urban Czech Technical University in Prague October 18, 2015 1 / 23 Introduction: Large-theory Automated Reasoning Reason automatically in large formal theories Since 2003: ATP translation of the

590 views • 23 slides
Teilchenphysik mit hchstenergetischen Beschleunigern (Higgs & Co) 2. Hadron Accelerators

Teilchenphysik mit hchstenergetischen Beschleunigern (Higgs & Co) 2. Hadron Accelerators

Teilchenphysik mit hchstenergetischen Beschleunigern (Higgs & Co) 2. Hadron Accelerators 24.10.2016 Prof. Dr. Siegfried Bethke Dr. Frank Simon Overview Historical Introduction Accelerator Basics The Tevatron The Large

802 views • 77 slides
How To Use This Unique Deal Who Is This Guy, Joe? Structure to Make $1,000,000 In Full-Time

How To Use This Unique Deal Who Is This Guy, Joe? Structure to Make $1,000,000 In Full-Time

3/22/18 Who Is This Guy, Joe? I work with beginning Real Estate Investors to help them build long term wealth and short- term cash flow, using Lease Options from anywhere in the world. How To Use This Unique Deal Who Is This Guy, Joe?

638 views • 49 slides
Hybrid Cryptography with examples in Ruby and Go Romek Szczesniak Eleanor McHugh security

Hybrid Cryptography with examples in Ruby and Go Romek Szczesniak Eleanor McHugh security

Hybrid Cryptography with examples in Ruby and Go Romek Szczesniak Eleanor McHugh security consultant system architect Hardcore Happy Cat Ltd Games With Brains January 2015 romek an applied cryptographer since 1995 secures systems

725 views • 48 slides
Managing the future Capitalizing on the Driving Forces of Change Presented by Robert B. Tucker

Managing the future Capitalizing on the Driving Forces of Change Presented by Robert B. Tucker

Managing the future Capitalizing on the Driving Forces of Change Presented by Robert B. Tucker Innovation Resource Consulting Group EskoWorld 2019 Nashville, Tennessee, June 24 th , 2019 FADS TRENDS TECHNO-TRENDS DRIVING FORCES OF

445 views • 40 slides
HEAnet Background TERENA TF-PR Group John Boland, CE 26 th February 2009 Filte go dt Baile

HEAnet Background TERENA TF-PR Group John Boland, CE 26 th February 2009 Filte go dt Baile

HEAnet Background TERENA TF-PR Group John Boland, CE 26 th February 2009 Filte go dt Baile tha Cliath Agenda HEAnet - Irelands NREN Strategic Plan: 2008 2013 Core Services Video Communications Manager &

702 views • 26 slides
EuCARD-2 Enhanced European Coordination for Accelerator Research & Development Presentation

EuCARD-2 Enhanced European Coordination for Accelerator Research & Development Presentation

CERN-ACC-SLIDES-2014-0005 EuCARD-2 Enhanced European Coordination for Accelerator Research & Development Presentation The Birth of the 5 th Generation Light Source Rosenzweig, James B. (UCLA) 22 November 2013 The EuCARD-2 Enhanced

821 views • 56 slides

More recommend